Analysis & Commentary on the Week’s Cyber Security Issues
The “so what” factor feeds and aggregators don’t give you.
Are You Getting the Most from Your Threat Intelligence Subscription?
Cyber threat intelligence can help you defend your enterprise, but it is not a silver bullet. History is replete with examples of decision-makers not liking or agreeing with flashing red lights in front of them, and then paying the price. On the other hand, decision-makers have to understand that “most dangerous” scenarios are called that for a reason: the probability may be small, but it is not zero. Intelligence is only useful if you have a system in place that enables you to act on it, and you actually do so. With enough time and false alarms, you will start to think that because nothing you have been warned about has ever happened, nothing ever will. That’s the point at which you’re going to devalue intelligence, be caught by “surprise,” and conclude that intelligence has “failed” you.
Why Cyber-Criminals Are Always One Step Ahead
The cliche that offense has it easier than defense really only applies when it comes to issues of scale. It is easy to do bad things to a large number of unsuspecting and unsophisticated people. A reasonably protected enterprise is largely opaque to an intruder in the early stages of an attack. They have no idea if or when they’ll get caught until it is clear the defenders are blind, deaf, or otherwise not paying attention. Practices, relationships, and mechanisms that enable you to learn and work at scale help to even the odds. Information sharing, services that provide herd immunity, and services/tools that shorten the time between infection and detection are not necessarily glamorous, but they help you keep pace with the threat.
Why Physical Security Professionals Need to Get to Grips with Cyber Security
Default passwords and other configuration follies are the physical security device equivalent of ‘password123’ on routers and maintenance accounts. The ability to control such devices unbeknownst to system users provides attackers with a range of options, from ‘eye in the sky’ enabled credential acquisition, to insider-level knowledge that can enable and support physical compromise. Physical security systems were IoT before IoT was a thing, and their importance – and the potential risk they pose – is only going to grow. Make friends with your counterpart in physical security to make sure you’re not inadvertently working against each other.
The Cyber Threat: [Administration] Policies Toward Hackers From China, Iran, Syria Produce Few Results
Declaring policies on cyber threats as ineffective is good politics, but legacy political models for dealing with these issues are inadequate regardless of your party affiliation. Indictments on the domestic front and international efforts to cyber-ize cold-war-like practices are both signs that the legacy policy establishment is largely devoid of meaningful solutions to the problems we face. Rather than shoe-horn legacy futures into a modern context, we should be working towards novel solutions that reflect the world as it is, not as we wish it to be. Security practitioners can think of few things less attractive than policy development, yet it is a skill that must be mastered if we hope to avoid a world where math is banned and knowing how to code casts a pall of suspicion upon you.
Business failing to learn lessons of past cyber attacks, report shows
Your regular (sadly) reminder that it is a focus on fundamentals that will bring about the biggest improvements in your cyber security posture.